Why Should the IT Helpdesk be Responsible for Authorizations?

Robert Doswell, Managing Director, Tools4ever UK

People can arrange their personal finance through Internet banking while e-HRM even allows them to manage their days of leave. However, they have no way of managing their network access rights by themselves. This remains the responsibility of the IT helpdesk. How logical is it to have the IT helpdesk decide whether users receive access rights to applications?

Because, all things considered, the IT helpdesk has no idea whether someone really needs these access rights to perform their daily work. Why don’t companies delegate the assignment of network access rights to the organization — to the relevant managers and other responsible stakeholders? After all, they are the ones who know what employees actually need. Added to which, it would substantially relieve the helpdesk of its work burden.

Using the steps below, businesses small and large will be able to transfer user management tasks from the IT helpdesk to the organization in a simple and secure manner.

– Identify frequently occurring changes: Make sure to map out the top 10 of logical changes that the helpdesk is asked to perform. This will often concern requests, such as assigning reading and writing rights to folders, adding of removing a distribution list or authorizations for a particular application. These logical changes can be automated in a simple way. Unfortunately, the same does not apply to physical changes (such as requests for a new desk or smartphone). The latter category will always require physical intervention by another person. More benefits can be gained by automating logical changes.

– Insight into the change approval cycle: Subsequently, one has to look at how the change approval process takes place across the organization. Who is responsible for what? Automating the delegation of change requests to the organization requires that an owner – e.g. a supervisor, application administrator or licence manager – is defined for every change. This means the IT helpdesk is no longer the owner of the change.

– Digitizing paper-based processes: Processes that currently use paper forms can be digitized. The advantage of this is that obligatory fields can be added and employees can be authorised before submitting a change request.

– Self-service portal: The next step is to lay down the approval cycles in a workflow management system. Staff members should be able to independently request, check and approve IT facilities through a web portal. Change requests are automatically forwarded to the right owner, who can approve or reject the request and provide an explanation where necessary. It will not be possible to implement a change until the responsible manager or owner has given approval. All the relevant details, including the requester, the request proper, the time of approval and the approver are laid down in an audit trail. Employees can follow the status of their request at any time through the portal, meaning they do not have to approach the IT helpdesk for this purpose.

– Implementation of changes across the network: Upon approval, change requests can be directly implemented across the network using the identity and access management (IAM) suite. For instance, particular authorizations can be assigned to a specific user account. The software will also automatically register the change in a service management solution and automatically implement it.

When organizations follow these steps, they eliminate the IT helpdesk from the decision tree. Organizational change processes are thus delegated to the right persons, namely the users, application administrators and managers.

Robert Doswell is managing director of Tools4ever UK, a global provider of identity and access management solutions.